Denial of Service Vulnerability in Ubuntu dpkg Tool

Severity: Medium (Score: 45.9)

Sources: Linuxsecurity, Ubuntu

Summary

A denial of service vulnerability has been identified in the dpkg tool of Ubuntu versions 25.10 and 24.04 LTS. Discovered by Yashashree Gund, the issue arises when dpkg-deb improperly handles specially crafted zstd-compressed .deb archives. If exploited, this flaw could cause dpkg-deb to stop responding, affecting both users and automated systems. The vulnerability is tracked as CVE-2026-2219 and was published on March 7, 2026. Users are advised to update to the latest package versions to mitigate the risk. The affected versions are dpkg 1.22.21ubuntu3.2 for Ubuntu 25.10 and dpkg 1.22.6ubuntu6.6 for Ubuntu 24.04 LTS. A standard system update will apply the necessary changes.

Key Points:

  • Denial of service vulnerability affects Ubuntu 25.10 and 24.04 LTS.
  • Exploitation could cause dpkg-deb to stop responding when handling crafted .deb files.
  • Users should update to specific dpkg versions to mitigate the risk.

Key Entities

  • DDoS (attack_type)
  • Denial of Service (attack_type)
  • CVE-2026-2219 (cve)
  • Ubuntu (company)